Small to medium enterprises (SMEs) are experiencing an increase in the costs of IT services. A study by Deloitte found that 59% of businesses outsource IT services to cut these costs¹; otherwise, these services are managed internally by an individual or small team responsible for the business’s ‘digital estate’ and cybersecurity.
SMEs are still being disproportionately targeted by cyber criminals, with employees four times more likely to face a cyber threat than those at large organisations². The criminals’ motives include financial gain, disruption, extortion, obtaining intellectual property, or simply observing business interactions.
What should SMEs consider implementing to help their digital and cyber resilience?
It is highly recommended that SMEs and their employees develop a digital and cyber resilience strategy to ensure the necessary cybersecurity hygiene for operating in the digital domain. This strategy should be well practiced and actionable.
Regardless of business size, having the fundamentals in place to reduce or mitigate potential cyber risks can determine whether a company contains an issue and recovers quickly, or suffers prolonged damage that hinders recovery.
Here are potential steps an SME can consider implementing (in no specific order):
- Conduct regular cybersecurity training and raise awareness of various social engineering tactics used by threat actors (e.g., emails, texts, phone calls, instant messaging).
- Regularly install security patches and enable system logs.
- Limit user permissions and controls.
- Develop an incident response, business continuity, and disaster recovery plan, supported by a monitoring tool (e.g., endpoint detection and response).
- Include an incident response retainer for proactive reviews of your environment, with support for cybersecurity incidents and threat intelligence to identify compromised user credentials on criminal forums.
- Harden the security configurations of systems, applications, and cloud services. Ensure proper role-based access, security controls, and Multi-Factor Authentication (MFA) across all platforms.
- Back up data, including to offsite and separate storage, and regularly test restore capabilities. Ensure data is encrypted for added security.
In addition to having a robust response plan, every business should consider cyber insurance. This coverage not only helps with indemnity for incurred costs, lost revenue, or third-party liabilities, but also provides access to expert breach responders who can help restore operations and protect the company’s reputation.
How we can help
Speak with one of our experts to access a complimentary cyber vulnerability assessment report and to obtain a cyber quotation here.
If you’re not sure where to start when it comes to your cyber security strategy, or you would like a second opinion to ensure your data is as protected as possible, our sister company, Specialist Risk Insurance Solutions, offer a complimentary ‘KYND’ report, which will put you in contact with an expert team that will be happy to assess your risk.
Contact us
If you are interested in understanding how a Cyber policy could help protect your business and complement your business continuity planning, speak to a member of the team on 0208 236 5350.
Sources
- US Global Outsourcing Survey: us-global-outsourcing-survey-2022.pdf
- Global Threat Intelligence Report: Global Threat Intelligence Report January-June 2024 | Mimecast